Cobalt Strike BOF to freeze EDR/AV processes and dump LSASS using WerFaultSecure.exe PPL bypass
☆117 Jan 29, 2026 Updated last month
Alternatives and similar repositories for ColdWer
Users that are interested in ColdWer are comparing it to the libraries listed below
- Using Just In Time (JIT) instruction decryption, this shellcode loader ensures that only the currently executing instruction is visible i… ☆64 Apr 2, 2025 Updated 11 months ago
- A Crystal Palace shared library to resolve & perform syscalls ☆57 Oct 29, 2025 Updated 4 months ago
- Cobalt Strike UDC2 implementation that provides a Slack C2 channel ☆63 Jan 5, 2026 Updated 2 months ago
- A stager and implant that executes remote WebAssembly ☆37 Feb 4, 2026 Updated last month
- Dump protected process memory by using BYOVD to tamper with handle objects in the kernel. ☆38 Aug 5, 2025 Updated 7 months ago
- Hijacks code execution via overwriting Control Flow Guard pointers in combase.dll ☆145 Apr 18, 2025 Updated 10 months ago
- ☆42 Dec 24, 2025 Updated 2 months ago
- Query specific user and login IP from remote machine ☆18 Nov 19, 2022 Updated 3 years ago
- ☆19 Sep 1, 2025 Updated 6 months ago
- Cobalt Strike BOF for beacon/shellcode injection using fork & run technique with Draugr synthetic stack frames ☆152 Nov 23, 2025 Updated 3 months ago
- Adversary Emulation Framework ☆129 Jul 1, 2025 Updated 8 months ago
- Dynamically convert an unmanaged EXE or DLL file to PIC shellcode by prepending a shellcode stub. ☆325 Apr 12, 2024 Updated last year
- ☆18 Aug 8, 2024 Updated last year
- A C Implementation for using a new method to invoke undetectable indirect syscalls ☆20 Dec 2, 2025 Updated 3 months ago
- ADWS enumeration BOF ☆169 Feb 16, 2026 Updated 3 weeks ago
- ☆48 Dec 5, 2025 Updated 3 months ago
- Beacon Object File (BOF) port of DumpGuard for extracting NTLMv1 hashes from sessions on modern Windows systems. ☆210 Jan 6, 2026 Updated 2 months ago
- A tool to play with scheduled tasks on Windows, in Rust ☆122 Nov 1, 2025 Updated 4 months ago
- ☆26 Aug 11, 2025 Updated 6 months ago
- Dump processes over WMI with MSFT_MTProcess ☆84 Feb 13, 2026 Updated 3 weeks ago
- Dynamically resolve API function addresses at runtime in a secure manner. ☆73 Nov 11, 2025 Updated 3 months ago
- Cobalt Strike Reflective Loader with Synthetic Stackframe ☆188 Jan 17, 2026 Updated last month
- Weaponize signed .NET ClickOnce applications for initial access by hijacking a dependency DLL via AppDomainManager injection and loading … ☆143 Feb 14, 2026 Updated 3 weeks ago
- Early Bird Cryo Injections – APC-based DLL & Shellcode Injection via Pre-Frozen Job Objects ☆138 Apr 6, 2025 Updated 11 months ago
- Blog/Journal on how to backdoor VSCode extensions ☆77 Feb 24, 2026 Updated last week
- BOF to run PE in Cobalt Strike Beacon without console creation ☆186 Nov 23, 2025 Updated 3 months ago
- A bunch of shenanigans using functions, VEH and more ☆37 Jun 8, 2025 Updated 9 months ago
- A tool to convert Windows registry export files into Windows hive files that can be used to replace NTUSER.MAN ☆105 Jan 26, 2026 Updated last month
- Local SYSTEM auth trigger for relaying ☆168 Jul 22, 2025 Updated 7 months ago
- A tool leveraging Kerberos tickets to get Microsoft 365 access tokens using Seamless SSO ☆237 Aug 25, 2024 Updated last year
- ☆147 Nov 6, 2025 Updated 4 months ago
- Validates priv escalation of AD trusts ☆47 Apr 1, 2025 Updated 11 months ago
- In-process PowerShell runner for BRC4 ☆48 Oct 31, 2023 Updated 2 years ago
- ☆142 Sep 9, 2025 Updated 6 months ago
- Built for red teamers, by red teamers - an MCP tool for malware development, OPSEC testing, and supporting custom loader design during re… ☆43 Aug 10, 2025 Updated 6 months ago
- BOF template with boflink and mutator kit support ☆49 Jan 8, 2026 Updated 2 months ago
- Open-source offensive security platform for conducting phishing campaigns that weaponizes iCalendar automatic event processing. ☆233 Dec 18, 2025 Updated 2 months ago
- Demonstrates consuming from a SecurityTrace ETW session by consuming from the Threat-Intelligence ETW provider without a driver or PPL pr… ☆64 Jan 19, 2026 Updated last month
- PoC for CVE-2025-53772 ☆46 Dec 10, 2025 Updated 2 months ago